Welcome

We are pleased to announce that the Ireland chapter will host the OWASP AppSec Europe 2011 global conference in beautiful Dublin, Ireland.

The AppSec Europe conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSec Europe 2011 will be held at Trinity College Dublin (map) on June 7th through 10th 2011. There will be training courses on June 7th and 8th followed by plenary sessions on the 9th and 10th with each day having at least three tracks. AppSec Europe may also have BOF (informal adhoc meetings), break out, or speed talks in addition to the standard schedule depending on the submissions received.
If you have any questions, please email the conference chair: appseceu at owasp.org

Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance

Security Managers and Staff

Executives, Managers, and Staff Responsible for IT Security Governance

IT Professionals Interested in Improving IT Security

How to get to AppSec EU?

The OWASP AppSec EU Conference takes place in the Arts Building in the grounds of Trinity College, Dublin 2. You could find a copy of the Trinity College grounds and some directions on how to get to the Arts Building in the URL below.

Registration

Registration Fees

Ticket Type

Before 6th April

After 6th April

After 6th May

Non-Member

€250

€300

€350

Active OWASP Member

€200

€250

€300

Student

€150

€200

€250

Course

Fee

1 Day Training

€495

2 Day Training

€990

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :).

June 7th-8th (Training)

Schedule

Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into single comprehensive course attendees can get a complete understanding of how to understand the threat an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls recommended.

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.

While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.

This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities

Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand.

Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code

This course provides an introduction to security for mobile and smartphone applications. It walks through a basic threat model for a smartphone application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques. Particular emphasis will be on the unique security challenges that developing software for mobile devices represent, comparing mobile software security concepts to those in the web application world

Accommodation

The Morgan Hotel:

Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.

This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!

Stay in the heart of the conference action at a hotel specially discounted for its attendees.

Rooms can be booked by emailing reservations@themorgan.com and quoting OWASP.

The contact in reservations is Bernadette Doyle and you could contact her for special requests at the following number: +353 1 643 7000

Trinity College:
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.

Industry Outreach Sessions

Security for Managers and Executives

The purpose for this session is to help organizations understand why application security is important and how OWASP can help in making their applications more secure. It will give them an opportunity to learn what documentation, training, architecture, tools and infrastructure is available. The best part is all these materials are free. OWSAP provides the solution for their application security needs. We are also looking to improve collaboration by helping get more organization participating in OWASP projects. This will help us ensure that we account for the various needs of industry and develop well vetted best practices.

CISO Survey

The objective of this session is to solicit feedback from industry leaders to help inform the content of the upcoming OWASP CISO survey. Specifically, we are interested in what they would like to see in a survey of their peers and leaders and how they think such a survey should be executed. The session will provide participants an opportunity to meet with peers in a vendor-free environment and discuss their problems with and solutions to information security. It will also allow them to shape the focus of the upcoming survey to maximize the return value to them.

Global Industry Roundtable

This roundtable session will involve a series of questions aimed at driving discussion to determine: How can the OWASP Global Industry Committee become more relevant and work to achieve a better working relationship with industry verticals? What would types of OWASP resources (if none are currently available) would your company find value in? If you are not currently an OWASP member or corporate supporter, why not?

The outcomes of this session, as well as similar sessions that we hope to host at the other OWASP global appsec conferences this year, will be used determine whether a new membership model (esp. for corporate supporters) is needed within OWASP as well as where committee resources should be focused in the upcoming year(s).

Sponsorship Options

OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers.Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.

The conference is expected to draw over 400 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.

Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.

All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access the web application security’s top thinkers as well as use of OWASP materials in product and service delivery.

To find out more about the different sponsorship opportunities please check the document below:

SoccerCon EU

We are organizing a Futbol (Soccer) friendly in Ireland for AppSec EU. For those that partook in the friendly in Portugal, the event was a big success
despite the fact we played at 8am, inebriated, with a semi-deflated ball, on a slick concrete court - all of such conditions which allow me to continue my personal denial for the loss we experienced against the Portuguese/ Brazilian Chapter leads. All that aside, I would like to know if there are
any members interest to relive this in much better fashion while in Dublin.